REST input channel authentication

I’ve been developing with the REST channel input, but just realised that there seems to be no authentication possible at the moment. The --auth_token argument in works for the endpoints created by the --enable_api argument, but seems it doesn’t apply to any endpoints on /webhooks/…, which is where the rest and callback interfaces reside.

Have I missed something? Is it possible to restrict access to /webhooks/rest/webhook out-of-the-box or do I need to stand up another server process and rout traffic through that one?


I’m having the same problem. Wondering if anyone managed to solve this in any way.